The present invention is generally related to credit card transaction systems and, more particularly, to an improved transaction terminal system and method for enhancing system security.
In recent years, transaction terminals and systems have increased in popularity and are now utilized for credit card transactions, check cashing authorization, and electronic funds transfer. With the increasing use of terminals for transaction involving large sums of money, system security has become an item of increased concern. In an effort to improve security, the use of personal identification numbers (PIN's) and card security features (CSF) has been proposed. Systems which utilize PIN's require that the card holder key-in the proper PIN before the transaction will be approved. Generally, each account number is assigned a PIN which is stored in memory. After the PIN is keyed-in by the account holder, the memory is accessed and a comparison is made between the keyed PIN and the stored PIN or a number derived algorithmically from the stored number. Conversely, a number arrived at algorithmically from the entered PIN may be compared with the stored or derived number. If the numbers do not compare, the system refuses the transaction.
Card security features are utilized to prevent fraud through the use of counterfeit or altered credit cards. Most recently, it has been proposed to provide a card security feature which would include optical data elements, in addition to magnetic data, whereby the pair of data sets may be utilized to determine the authenticity of the card. Such a security feature is disclosed in copending U.S. patent application Ser. No. 381,351, filed May 27, 1975 in the name of Francis C. Foote and assigned to the assignee of the present invention. Briefly, this security feature entails the use of a security code or the like which is defined at least in part by the spacial relationship between the optical and magnetic data elements on the card. After encoding, each card is assigned a corresponding security code which is recorded at a CPU, validation module, or other appropriate location, for subsequent comparison. with a code generated when the card is presented and read by a remote terminal. A favorable comparison within predetermined limits indicates that the card is authentic, while the absence of the comparison indicates that the card is counterfeit or has been altered.
In order to produce a counterfeit or duplicate card containing such a security feature, it is necessary to reproduce both data sets as well as the spacial relationship therebetween. This, of course, cannot be achieved by "magnetic skimming" or similar methods and would require considerable time and expense, as well as the use of sophisticated equipment to produce merely a single counterfeit card. Of course, it is foreseeable that if the reward is great enough, criminal elements will take such efforts to produce a counterfeit card or cards which may be used fraudulently through terminals in a transaction system.
It is possible that a criminal element may obtain security data, either in the form of a card security feature or PIN, by "tapping" the telecommunications line connecting a terminal to a system. When such a tap is successfully made, the PIN used or the observation made on the card security feature may be recorded along with other data pertinent to the transaction. From this data, one could conceivably produce (at a considerable expense) a counterfeit card and use such fradulently at any terminal within the system. It is also conceivable that PIN's obtained by tapping might be utilized fraudulently together with conventional credit cards which are simpler to counterfeit.
It has been proposed that encryption algorithms and the like be utilized to defeat the gathering of data by a telecommunication tap. However, skillful electronics technicians could conceivably tap into many terminals at a point prior to the encryption and thereby render the encryption useless as a security measure. It is also important to note that security information (such as PIN or CSF) which is gained through a telecommunications tap is useful in the perpetration of fraud at any terminal within the system. Thus, the collusion or deception which allowed a tap to occur in the first place cannot be readily identified with any one particular terminal from analyzing statistical fraud data. This could present an acute problem with respect to the interchange environment expected in the near future under banking and funds transfer applications, since cards provided by one of many issuers may be used in electronic terminals owned by other issuers. Thus, laxity on the part of one issuer or institution may compromise the security of another.
Accordingly, there is a definite need for a transaction system which provides improved security and, more particularly, which prevents the wrongful gathering of security data such as PIN's or card security features by terminal telecommunications taps.